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EXAMINER'S AMENDMENT 

An examiner's amendment to the record appears below. Should the 
changes and/or additions be unacceptable to applicant, an amendment may be 
filed as provided by 37 CFR 1 .312. To ensure consideration of such an 
amendment, it MUST be submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone 
interview with Michael Garrabrants on 06/22/07. 

Claim 26: A computer readable medium storing instructions for execution 
in a computer, the medium when executed by a computer performing a the 
method comprising: 

accepting a connection at an institution server, the connection initiated by 
a user following a link from a portal, the link including a user identification; 

responsive to the connection, enabling the user to authenticate with the 
institution server using user-institution authentication data; 

responding to the authentication by associating the user identification with 
the portal; and 

servicing a request by the portal, after authenticating the portal using 
portal authentication data, by providing, to the portal, data of the user at the 
institution, wherein the user-institution authentication data and the portal 
authentication data are not the same data. 
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Claim 31: A computer program product comprising program code when 
executed on a computer performs fforl a method comprising: 

authenticating a user with a portal by determining whether user provided 
information matches stored user-portal authentication information; 

providing the user a link to an institution server, the link containing user 
identification information, the link for providing the user an opportunity to indicate 
to the institution that the portal is authorized to obtain user data stored at the 
Institution by providing user-institution authentication information to the institution 
server; 

authenticating the portal with the institution using portal-institution 
authentication information; 

obtaining user data stored at the institution; and 

performing on the user data an action selected from a first set of actions, 
wherein the portal-institution authentication information and the user-portal 
authentication information are not the same data. 

Allowable Subject Matter 
Claims 20 - 35 are allowed. 

The following is a statement of reasons for indication of allowable subject 
matter. 

The prior art fails to teach or suggest the limitations of: 
An information portal system that authenticates a user for access at the 
information portal system and then said portal authenticates itself to an institution 
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server to retrieve information on the user's behalf, wherein "the portal-institution 
authentication data [is] different from the user-institution authentication data." (as 
in independent Claims 20, 26 and 31). 

Such limitation is present in all independent claims. 

It is well known in the art of information systems for a user to authenticate 
himself with an information portal and for said information porta! to retrieve 
information from a financial institution server on the user's behalf. Traditionally, 
the user provides the information portal with the userid and password that the 
user would utilize to directly retrieve information from the financial institution, and 
the information portal using such authentication data interacts with the financial 
institution in the user's stead. Such a conventional system is termed a "stand-in" 
system, as the information portal stands in the place of the user to obtain data 
from the financial institution. 

The instant application distinguishes itself from this common practice as 
the userid and password that is utilized for direct user-institution authentication is 
different and separate from the userid and password utilized by the information 
portal for portal-institution authentication. 

With the usage of a dual authentication protocol, security is enhanced. 
Under the conventional system should unauthorized personnel infiltrate the 
information portal they could conceivably obtain a user's userid and password 
from the portal system, allowing them authorized access to user information at a 
financial institution. However, the instant application does not require storage of 
such information at the information portal, rather the information portal possesses 
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a separate and distinct userid and password for access to user information at a 
financial institution. Usage of a separate and distinct userid and password for 
authentication of the information portal allows the financial institution server to 
establish separate security protocols for the information portal, such as limiting 
the actions that the information portal can take on the user's behalf. 

Freishtat (US Patent 6,317,783) discloses an information portal system 
(intermediary website) in which a user (end user) provides the portal system with 
authentication data (registration information) for use with a financial institution (PI 
provider). The portal utilizes the user's authentication data to connect to the 
financial institution to retrieve information on the user's behalf. However, 
Freishtat does not teach nor suggest the applicant's dual authentication protocol 
wherein "the portal-institution authentication data [is] different from the user- 
institution authentication data." 

Neither this patent prior art reference, alone nor in combination with other 
patents, publications nor non-patent literature, disclosed nor teaches the 
feature(s) of a dual authentication protocol wherein "the portal-institution 
authentication data [is] different from the user-institution authentication data." 

Conclusion 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Jason M. Borlinghaus whose telephone 
number is (571) 272-6924. The examiner can normally be reached on 8:30am- 
5:00pm M-F. 
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If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, James Kramer can be reached on (571) 272-6783. The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 



JMB 
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